Represents the Basic Constraints certificate extension from RFC 2459. This extension MUST be critical in CA certificates, and MAY be critical in end-entity certificates.

The path length constraint only makes sense if the CA flag is true. The default value for path length is null, indicating no limit on the number of following certificates in a chain. A value of 0 indicates that only an end-entity certificate may follow the certificate having this extension. Non-null values must be non-negative.

BasicConstraintsExtension

Creates a new extension with the specified CA flag. Extension is critical.

Parameters:

ca - true to mark this certificate as a CA.

BasicConstraintsExtension

public BasicConstraintsExtension(boolean ca,
boolean critical)

Creates a new extension with the specified CA flag.

Parameters:

ca - true to mark this certificate as a CA.

critical - true if this extension is critical, false otherwise.

BasicConstraintsExtension

public BasicConstraintsExtension(java.math.BigInteger pathLen)

Creates a new extension with CA flag true and the specified path length. Extension is critical.

Parameters:

pathLen - The allowed length of the certificate chain following the certificate having this extension. A value of null means unlimited, 0 means only an end-entity certificate may follow. Non-null values must be non-negative.

BasicConstraintsExtension

Creates a new extension with CA flag true and the specified path length.

Parameters:

pathLen - The allowed length of the certificate chain following the certificate having this extension. A value of null means unlimited, 0 means only an end-entity certificate may follow. Non-null values must be non-negative.